Jérémy Lecour
404f4445d4
When including a specific tasks file, we bypass the "main" tasks of the role and the conditionals. That way we don't play useless tasks and don't rely on default values.
38 lines
1.1 KiB
YAML
38 lines
1.1 KiB
YAML
---
|
|
- name: Install Evolix public repositry
|
|
include_role:
|
|
name: apt-repositories
|
|
tasks_from: evolix_public.yml
|
|
|
|
- name: evomaintenance is installed
|
|
apt:
|
|
name: evomaintenance
|
|
allow_unauthenticated: yes
|
|
|
|
- name: configuration is applied
|
|
template:
|
|
src: evomaintenance.j2
|
|
dest: /etc/evomaintenance.cf
|
|
|
|
- name: list users with a shell
|
|
shell: "cat /etc/passwd | grep -vE \"^root:\" | grep -E \":/[^:]+sh$\" | cut -d: -f6"
|
|
changed_when: False
|
|
check_mode: no
|
|
register: home_of_shell_users
|
|
|
|
- include: trap.yml home={{ item }}
|
|
with_items: "{{ home_of_shell_users.stdout_lines }}"
|
|
|
|
- name: minifirewall section for evomaintenance
|
|
lineinfile:
|
|
dest: /etc/default/minifirewall
|
|
line: "/sbin/iptables -A INPUT -p tcp --sport 5432 --dport 1024:65535 -s {{ item }} -m state --state ESTABLISHED,RELATED -j ACCEPT"
|
|
insertafter: "^# EvoMaintenance"
|
|
with_items: "{{ evomaintenance_hosts }}"
|
|
|
|
- name: remove minifirewall example rule for the proxy
|
|
lineinfile:
|
|
dest: /etc/default/minifirewall
|
|
regexp: '^#.*(--sport 5432).*(-s X\.X\.X\.X)'
|
|
state: absent
|